Last night, I received a charming email message from Theresa May, revelling in all the foreigners she has kept out of the country before asking me for money. I’m paraphrasing slightly. I regret that politicians don’t have the time to keep me in the loop as much as I’m sure they’d like – I’d really like to know more about Michael Gove’s crusade to keep rudeness out of politics (presumably, he just wants it directed at his civil servants). So perhaps I should not be churlish when one of them gets in touch.
But as Theresa is supposed to be responsible for law and order, I find myself pedantically drawn to point out that her email was almost certainly illegal.
The Privacy and Electronic Communications (EC Directive) Regulations – universally and hilariously known by the acronym PECR (say it out loud) – require organisations wanting to send direct marketing emails to obtain prior consent before doing so. Much as politicians would like to think different, exhorting a member of the public to vote, to donate or support a campaign is direct marketing – both the Information Commissioner and the Tribunal have said this, and the four major political parties in the UK (Conservatives, Labour, LibDems and the Scottish Nationalists) have all received enforcement notices under PECR as a result. So unless the Conservatives have obtained my direct consent to send me these marketing emails, they’ve breached PECR and possibly Data Protection as well.
I have three email addresses – one I use for business purposes which is published on the internet. In PECR terms, I am a corporate subscriber for this address, and cannot complain about spam if I receive it. My other two email addresses are personal ones – in PECR terms, I am an individual subscriber for both. One I use for a lot of general correspondence, the other I use for competitions, surveys and other situations where I think that the person I am giving it to might send me spam emails. If I was to fill in a survey or a petition – the only place I can imagine the Tories might have obtained my email address from – I would always use the third spammy one. What’s interesting about Theresa’s email is that it was sent to the middle one – the personal address that I am more likely to read, but which is not published on the internet like my business one, but is not on all the dodgy databases that list brokers hawk, often illegitimately, as ‘opted-in data’.
In short, the Conservative Party must be able to explain how they fairly obtained an email address that I am 99% certain I would not have ever given to them, or anyone affiliated to them. This is not because I am particularly anti-Tory – I am left-wing, but I have equal contempt for all parties and politicians and avoid them all with the same diligence. Unless they can show me clearly where they got my email from and that they did so fairly (as opposed to scraping it from somewhere or buying a shonky database), they may well have breached the First Data Protection principle.
And that’s the sideshow. PECR is engagingly blunt – even if I have answered a petition or survey and unintentionally used this email address, the Conservative Party would still need my consent before sending me emails. The so-called ‘soft opt-in’ – which allows an opt-out in prescribed circumstances – applies only to sales or negotiation for a sale, conditions which would not apply to a political party.
I’ve written to the Conservatives to ask for the following information:
- Where they obtained my email address from
- How they obtained my consent, and a copy of the web page or document on which I indicated my consent to receive emails from them
Under Section 7 of the Data Protection Act, the Conservatives are obliged to provide me with any personal data they hold about me, and also to confirm the source from which they obtained my personal data (in this case, my personal email address). They could, of course, charge me £10 for this information, but given that the person responsible for maintaining law and order in this country has put their name on correspondence that I am pretty certain breaks the law, I think it would be polite of them to waive the fee.
Nothing is certain – I’m not going to complain to the Information Commissioner until the Conservatives show me what they did / did not do around consent. However, the current Parliament is past the halfway point, and we’re heading down a long, relentless slope towards a general election which will no doubt inspire a marketing frenzy, especially on social media, email, text and phone. It is very important that all politicians remember that PECR gives us all something very valuable for the latter three channels – easy and straightforward rights to be LEFT ALONE. The law applies to them, just as much as it does to anyone else. If you are bothered by unwelcome marketing from politicians, why not ask them the same questions I have above?